By Mike Knight
The UK government’s MI5-run ‘Centre for the Protection of National Infrastructure’ has launched a new app to help people spot approaches from foreign spies and organised criminals seeking sensitive information.
Really? How Big Is The Problem?
According to MI5, it spotted 10,000 UK nationals across society being approached last year via fake social media profiles, e.g. on LinkedIn and Facebook.
Who Are The Targets?
Although the new ‘Think Before You Link’ app can be downloaded by anybody, it is really aimed at people working in sensitive industries, those working in government (e.g. civil servants) plus those in high-tech business and in academia.
According to the CPNI, hostile actors and criminals usually contact the target by posing as an interested ‘employer’ or recruitment consultant presenting a unique business opportunity. They then ask for further details about the target’s background and try to “sell” the business opportunity, insisting on discussing it privately, away from the initial website.
The CPNI says that this kind of engagement is an attempt to understand the level of access the individual has to sensitive information by drawing it out from them, and then to build a longer-term relationship. The idea is, of course, that the target remains unaware of the real purpose of the approach and, in some instances, they believe they are providing information to develop a legitimate business opportunity.
The CPNI says that some of the signs of an approach by hostile actors include offers that are ‘too good to be true’, a lack of any visible or checkable company information available online, the use of flattery, attempts to introduce urgency, selling an idea/opportunity as being scarce, one-off or exclusive, and a disproportionate focus on the target’s company, rather than on validating the target as a candidate.
How Can The App Stop This From Happening?
The ‘Think Before You Link’ app, designed with the help of behavioural scientists, uses the following features to help protect its users (i.e. those working in government, e.g. civil servants, plus those in high-tech business and in academia) from approaches by spies and scammers:
- Interactive learning to provide the user with the knowledge of how to spot malicious approaches. This includes tailored content and case studies with more relevance to the user’s sector and role.
- A social media profile reviewer, which includes self-answer questions and a built-in reverse image search to identify profile pictures that may be re-used from other sites.
- A reporting mechanism to help the user to report a profile that might be malicious.
What Does This Mean For Your Business?
With threats such as economic espionage, worries about how states such as China and Russia are using social media to influence opinion, a proliferation of online scams (e.g. recent ones using the situation in Ukraine), and news of Pegasus spyware at 10 Downing Street, fears are running high.
This app may be a useful way to educate, alert and remind those in sensitive professions of today’s threats. It also provides a fast and handy way of reporting, which could help provide a more accurate picture of the type and range of security threats and help enable faster and better responses.
Although most of us are unlikely to be targeted by spies, at least this app may stop and flag up some of the many security compromises via fake social media profiles. It may also provide a way for the government to gather evidence that may be used to put more pressure on the major social media companies to do more to tackle the problem of fake profiles.